---
layout: docs
page_title: Domain Model - Credentials
description: |-
  The anatomy of a Boundary credential
---

# Credentials

A credential is a data structure containing one or more secrets that binds an identity to a set of permissions or capabilities on a [host][] for a [session][].

## Credential types

Optionally, credentials can be typed to indicate compliance with a specific format.
The following credential types are supported in Boundary:

- [Username password](#username-password)
- [SSH private key](#ssh-private-key)
- [SSH certificate](#ssh-certificate)
- [JSON](#json)

### Username password

`username_password` credentials contain the following fields:

- `username` - The username field associated with the credential.

- `password` - The password field associated with the credential.

### SSH private key

`ssh_private_key` credentials contain the following fields:

- `username` - The username field associated with the credential.

- `private_key` - The private key field associated with the credential.

### SSH certificate

`ssh_certificate` credentials contain the following fields:

- `username` -  The username field associated with the credential.

- `ssh_certificate` - The SSH certificate associated with the credential.

### JSON

As of Boundary 0.11.0, you can provide credentials using a JSON blob.
JSON credentials are only brokered to users that connect to machines.
There is no required structure for the JSON blob, other than it must be a key value map.
Refer to the example below:

<CodeBlockConfig heading="JSON credentials blob example">

```JSON
{
  "type": "service_account",
  "project_id": "",
  "private_key_id": "",
  "private_key": "-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----\n",
  "client_email": "",
  "client_id": "",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": ""
}
```

</CodeBlockConfig>

## Referenced by

- [Credential Store][]
- [Credential Library][]
- [Session][]
- [Target][]

[credential library]: /boundary/docs/concepts/domain-model/credential-libraries
[credential libraries]: /boundary/docs/concepts/domain-model/credential-libraries
[credential store]: /boundary/docs/concepts/domain-model/credential-stores
[credential stores]: /boundary/docs/concepts/domain-model/credential-stores
[host]: /boundary/docs/concepts/domain-model/hosts
[session]: /boundary/docs/concepts/domain-model/sessions
[target]: /boundary/docs/concepts/domain-model/targets
